summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src
diff options
context:
space:
mode:
authormiod <>2014-04-14 18:40:47 +0000
committermiod <>2014-04-14 18:40:47 +0000
commit13e83c1cefc0f26760c14a634f0b2be629163d6e (patch)
treee724db329b4c43fbb2465a85da5b1d0c38eb3fee /src/lib/libssl/src
parent1e0b0a00562d6c753bab6a0ee1fdebd3ed224ee2 (diff)
downloadopenbsd-13e83c1cefc0f26760c14a634f0b2be629163d6e.tar.gz
openbsd-13e83c1cefc0f26760c14a634f0b2be629163d6e.tar.bz2
openbsd-13e83c1cefc0f26760c14a634f0b2be629163d6e.zip
Remove eng_cryptodev.c (merged into old-name hw_cryptodev.c); move
undo the move of crypto/engines/eng_padlock to engines/e_padlock. Requested by reyk@. Note that eng_padlock is not compiled in currently.
Diffstat (limited to 'src/lib/libssl/src')
-rw-r--r--src/lib/libssl/src/crypto/engine/Makefile10
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_cryptodev.c1449
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_padlock.c38
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_padlock.ec1
-rw-r--r--src/lib/libssl/src/engines/Makefile6
-rw-r--r--src/lib/libssl/src/engines/e_padlock.c1239
-rw-r--r--src/lib/libssl/src/engines/e_padlock.ec1
7 files changed, 41 insertions, 2703 deletions
diff --git a/src/lib/libssl/src/crypto/engine/Makefile b/src/lib/libssl/src/crypto/engine/Makefile
index 44900f0420..06e1bc7494 100644
--- a/src/lib/libssl/src/crypto/engine/Makefile
+++ b/src/lib/libssl/src/crypto/engine/Makefile
@@ -17,17 +17,18 @@ TEST= enginetest.c
17APPS= 17APPS=
18 18
19LIB=$(TOP)/libcrypto.a 19LIB=$(TOP)/libcrypto.a
20LIBNAMES= eng_padlock
20LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ 21LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
21 eng_table.c eng_pkey.c eng_fat.c eng_all.c \ 22 eng_table.c eng_pkey.c eng_fat.c eng_all.c \
22 tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ 23 tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
23 tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ 24 tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
24 eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ 25 eng_openssl.c eng_cnf.c eng_dyn.c \
25 eng_rsax.c eng_rdrand.c 26 eng_rsax.c eng_rdrand.c
26LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ 27LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
27 eng_table.o eng_pkey.o eng_fat.o eng_all.o \ 28 eng_table.o eng_pkey.o eng_fat.o eng_all.o \
28 tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ 29 tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
29 tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ 30 tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
30 eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ 31 eng_openssl.o eng_cnf.o eng_dyn.o \
31 eng_rsax.o eng_rdrand.o 32 eng_rsax.o eng_rdrand.o
32 33
33SRC= $(LIBSRC) 34SRC= $(LIBSRC)
@@ -66,6 +67,11 @@ install:
66tags: 67tags:
67 ctags $(SRC) 68 ctags $(SRC)
68 69
70errors:
71 set -e; for l in $(LIBNAMES); do \
72 $(PERL) ../../util/mkerr.pl -conf eng_$$l.ec \
73 -nostatic -staticloader -write eng_$$l.c; \
74 done
69tests: 75tests:
70 76
71lint: 77lint:
diff --git a/src/lib/libssl/src/crypto/engine/eng_cryptodev.c b/src/lib/libssl/src/crypto/engine/eng_cryptodev.c
deleted file mode 100644
index a7abac1a7b..0000000000
--- a/src/lib/libssl/src/crypto/engine/eng_cryptodev.c
+++ /dev/null
@@ -1,1449 +0,0 @@
1/*
2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
3 * Copyright (c) 2002 Theo de Raadt
4 * Copyright (c) 2002 Markus Friedl
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 *
27 */
28
29#include <openssl/objects.h>
30#include <openssl/engine.h>
31#include <openssl/evp.h>
32#include <openssl/bn.h>
33
34#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
35 (defined(__OpenBSD__) || defined(__FreeBSD__))
36#include <sys/param.h>
37# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
38# define HAVE_CRYPTODEV
39# endif
40# if (OpenBSD >= 200110)
41# define HAVE_SYSLOG_R
42# endif
43#endif
44
45#ifndef HAVE_CRYPTODEV
46
47void
48ENGINE_load_cryptodev(void)
49{
50 /* This is a NOP on platforms without /dev/crypto */
51 return;
52}
53
54#else
55
56#include <sys/types.h>
57#include <crypto/cryptodev.h>
58#include <crypto/dh/dh.h>
59#include <crypto/dsa/dsa.h>
60#include <crypto/err/err.h>
61#include <crypto/rsa/rsa.h>
62#include <sys/ioctl.h>
63#include <errno.h>
64#include <stdio.h>
65#include <unistd.h>
66#include <fcntl.h>
67#include <stdarg.h>
68#include <syslog.h>
69#include <errno.h>
70#include <string.h>
71
72struct dev_crypto_state {
73 struct session_op d_sess;
74 int d_fd;
75
76#ifdef USE_CRYPTODEV_DIGESTS
77 char dummy_mac_key[HASH_MAX_LEN];
78
79 unsigned char digest_res[HASH_MAX_LEN];
80 char *mac_data;
81 int mac_len;
82#endif
83};
84
85static u_int32_t cryptodev_asymfeat = 0;
86
87static int get_asym_dev_crypto(void);
88static int open_dev_crypto(void);
89static int get_dev_crypto(void);
90static int get_cryptodev_ciphers(const int **cnids);
91#ifdef USE_CRYPTODEV_DIGESTS
92static int get_cryptodev_digests(const int **cnids);
93#endif
94static int cryptodev_usable_ciphers(const int **nids);
95static int cryptodev_usable_digests(const int **nids);
96static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
97 const unsigned char *in, size_t inl);
98static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
99 const unsigned char *iv, int enc);
100static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
101static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
102 const int **nids, int nid);
103static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
104 const int **nids, int nid);
105static int bn2crparam(const BIGNUM *a, struct crparam *crp);
106static int crparam2bn(struct crparam *crp, BIGNUM *a);
107static void zapparams(struct crypt_kop *kop);
108static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
109 int slen, BIGNUM *s);
110
111static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
112 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
113static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
114 RSA *rsa, BN_CTX *ctx);
115static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
116static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
117 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
118static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
119 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
120 BN_CTX *ctx, BN_MONT_CTX *mont);
121static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
122 int dlen, DSA *dsa);
123static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
124 DSA_SIG *sig, DSA *dsa);
125static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
126 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
127 BN_MONT_CTX *m_ctx);
128static int cryptodev_dh_compute_key(unsigned char *key,
129 const BIGNUM *pub_key, DH *dh);
130static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
131 void (*f)(void));
132void ENGINE_load_cryptodev(void);
133
134static const ENGINE_CMD_DEFN cryptodev_defns[] = {
135 { 0, NULL, NULL, 0 }
136};
137
138static struct {
139 int id;
140 int nid;
141 int ivmax;
142 int keylen;
143} ciphers[] = {
144 { CRYPTO_ARC4, NID_rc4, 0, 16, },
145 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
146 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
147 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
148 { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
149 { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
150 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
151 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
152 { 0, NID_undef, 0, 0, },
153};
154
155#ifdef USE_CRYPTODEV_DIGESTS
156static struct {
157 int id;
158 int nid;
159 int keylen;
160} digests[] = {
161 { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
162 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
163 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
164 { CRYPTO_MD5_KPDK, NID_undef, 0},
165 { CRYPTO_SHA1_KPDK, NID_undef, 0},
166 { CRYPTO_MD5, NID_md5, 16},
167 { CRYPTO_SHA1, NID_sha1, 20},
168 { 0, NID_undef, 0},
169};
170#endif
171
172/*
173 * Return a fd if /dev/crypto seems usable, 0 otherwise.
174 */
175static int
176open_dev_crypto(void)
177{
178 static int fd = -1;
179
180 if (fd == -1) {
181 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
182 return (-1);
183 /* close on exec */
184 if (fcntl(fd, F_SETFD, 1) == -1) {
185 close(fd);
186 fd = -1;
187 return (-1);
188 }
189 }
190 return (fd);
191}
192
193static int
194get_dev_crypto(void)
195{
196 int fd, retfd;
197
198 if ((fd = open_dev_crypto()) == -1)
199 return (-1);
200#ifndef CRIOGET_NOT_NEEDED
201 if (ioctl(fd, CRIOGET, &retfd) == -1)
202 return (-1);
203
204 /* close on exec */
205 if (fcntl(retfd, F_SETFD, 1) == -1) {
206 close(retfd);
207 return (-1);
208 }
209#else
210 retfd = fd;
211#endif
212 return (retfd);
213}
214
215static void put_dev_crypto(int fd)
216{
217#ifndef CRIOGET_NOT_NEEDED
218 close(fd);
219#endif
220}
221
222/* Caching version for asym operations */
223static int
224get_asym_dev_crypto(void)
225{
226 static int fd = -1;
227
228 if (fd == -1)
229 fd = get_dev_crypto();
230 return fd;
231}
232
233/*
234 * Find out what ciphers /dev/crypto will let us have a session for.
235 * XXX note, that some of these openssl doesn't deal with yet!
236 * returning them here is harmless, as long as we return NULL
237 * when asked for a handler in the cryptodev_engine_ciphers routine
238 */
239static int
240get_cryptodev_ciphers(const int **cnids)
241{
242 static int nids[CRYPTO_ALGORITHM_MAX];
243 struct session_op sess;
244 int fd, i, count = 0;
245
246 if ((fd = get_dev_crypto()) < 0) {
247 *cnids = NULL;
248 return (0);
249 }
250 memset(&sess, 0, sizeof(sess));
251 sess.key = (caddr_t)"123456789abcdefghijklmno";
252
253 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
254 if (ciphers[i].nid == NID_undef)
255 continue;
256 sess.cipher = ciphers[i].id;
257 sess.keylen = ciphers[i].keylen;
258 sess.mac = 0;
259 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
260 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
261 nids[count++] = ciphers[i].nid;
262 }
263 put_dev_crypto(fd);
264
265 if (count > 0)
266 *cnids = nids;
267 else
268 *cnids = NULL;
269 return (count);
270}
271
272#ifdef USE_CRYPTODEV_DIGESTS
273/*
274 * Find out what digests /dev/crypto will let us have a session for.
275 * XXX note, that some of these openssl doesn't deal with yet!
276 * returning them here is harmless, as long as we return NULL
277 * when asked for a handler in the cryptodev_engine_digests routine
278 */
279static int
280get_cryptodev_digests(const int **cnids)
281{
282 static int nids[CRYPTO_ALGORITHM_MAX];
283 struct session_op sess;
284 int fd, i, count = 0;
285
286 if ((fd = get_dev_crypto()) < 0) {
287 *cnids = NULL;
288 return (0);
289 }
290 memset(&sess, 0, sizeof(sess));
291 sess.mackey = (caddr_t)"123456789abcdefghijklmno";
292 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
293 if (digests[i].nid == NID_undef)
294 continue;
295 sess.mac = digests[i].id;
296 sess.mackeylen = digests[i].keylen;
297 sess.cipher = 0;
298 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
299 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
300 nids[count++] = digests[i].nid;
301 }
302 put_dev_crypto(fd);
303
304 if (count > 0)
305 *cnids = nids;
306 else
307 *cnids = NULL;
308 return (count);
309}
310#endif /* 0 */
311
312/*
313 * Find the useable ciphers|digests from dev/crypto - this is the first
314 * thing called by the engine init crud which determines what it
315 * can use for ciphers from this engine. We want to return
316 * only what we can do, anythine else is handled by software.
317 *
318 * If we can't initialize the device to do anything useful for
319 * any reason, we want to return a NULL array, and 0 length,
320 * which forces everything to be done is software. By putting
321 * the initalization of the device in here, we ensure we can
322 * use this engine as the default, and if for whatever reason
323 * /dev/crypto won't do what we want it will just be done in
324 * software
325 *
326 * This can (should) be greatly expanded to perhaps take into
327 * account speed of the device, and what we want to do.
328 * (although the disabling of particular alg's could be controlled
329 * by the device driver with sysctl's.) - this is where we
330 * want most of the decisions made about what we actually want
331 * to use from /dev/crypto.
332 */
333static int
334cryptodev_usable_ciphers(const int **nids)
335{
336 return (get_cryptodev_ciphers(nids));
337}
338
339static int
340cryptodev_usable_digests(const int **nids)
341{
342#ifdef USE_CRYPTODEV_DIGESTS
343 return (get_cryptodev_digests(nids));
344#else
345 /*
346 * XXXX just disable all digests for now, because it sucks.
347 * we need a better way to decide this - i.e. I may not
348 * want digests on slow cards like hifn on fast machines,
349 * but might want them on slow or loaded machines, etc.
350 * will also want them when using crypto cards that don't
351 * suck moose gonads - would be nice to be able to decide something
352 * as reasonable default without having hackery that's card dependent.
353 * of course, the default should probably be just do everything,
354 * with perhaps a sysctl to turn algoritms off (or have them off
355 * by default) on cards that generally suck like the hifn.
356 */
357 *nids = NULL;
358 return (0);
359#endif
360}
361
362static int
363cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
364 const unsigned char *in, size_t inl)
365{
366 struct crypt_op cryp;
367 struct dev_crypto_state *state = ctx->cipher_data;
368 struct session_op *sess = &state->d_sess;
369 const void *iiv;
370 unsigned char save_iv[EVP_MAX_IV_LENGTH];
371
372 if (state->d_fd < 0)
373 return (0);
374 if (!inl)
375 return (1);
376 if ((inl % ctx->cipher->block_size) != 0)
377 return (0);
378
379 memset(&cryp, 0, sizeof(cryp));
380
381 cryp.ses = sess->ses;
382 cryp.flags = 0;
383 cryp.len = inl;
384 cryp.src = (caddr_t) in;
385 cryp.dst = (caddr_t) out;
386 cryp.mac = 0;
387
388 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
389
390 if (ctx->cipher->iv_len) {
391 cryp.iv = (caddr_t) ctx->iv;
392 if (!ctx->encrypt) {
393 iiv = in + inl - ctx->cipher->iv_len;
394 memcpy(save_iv, iiv, ctx->cipher->iv_len);
395 }
396 } else
397 cryp.iv = NULL;
398
399 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
400 /* XXX need better errror handling
401 * this can fail for a number of different reasons.
402 */
403 return (0);
404 }
405
406 if (ctx->cipher->iv_len) {
407 if (ctx->encrypt)
408 iiv = out + inl - ctx->cipher->iv_len;
409 else
410 iiv = save_iv;
411 memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
412 }
413 return (1);
414}
415
416static int
417cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
418 const unsigned char *iv, int enc)
419{
420 struct dev_crypto_state *state = ctx->cipher_data;
421 struct session_op *sess = &state->d_sess;
422 int cipher = -1, i;
423
424 for (i = 0; ciphers[i].id; i++)
425 if (ctx->cipher->nid == ciphers[i].nid &&
426 ctx->cipher->iv_len <= ciphers[i].ivmax &&
427 ctx->key_len == ciphers[i].keylen) {
428 cipher = ciphers[i].id;
429 break;
430 }
431
432 if (!ciphers[i].id) {
433 state->d_fd = -1;
434 return (0);
435 }
436
437 memset(sess, 0, sizeof(struct session_op));
438
439 if ((state->d_fd = get_dev_crypto()) < 0)
440 return (0);
441
442 sess->key = (caddr_t)key;
443 sess->keylen = ctx->key_len;
444 sess->cipher = cipher;
445
446 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
447 put_dev_crypto(state->d_fd);
448 state->d_fd = -1;
449 return (0);
450 }
451 return (1);
452}
453
454/*
455 * free anything we allocated earlier when initting a
456 * session, and close the session.
457 */
458static int
459cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
460{
461 int ret = 0;
462 struct dev_crypto_state *state = ctx->cipher_data;
463 struct session_op *sess = &state->d_sess;
464
465 if (state->d_fd < 0)
466 return (0);
467
468 /* XXX if this ioctl fails, someting's wrong. the invoker
469 * may have called us with a bogus ctx, or we could
470 * have a device that for whatever reason just doesn't
471 * want to play ball - it's not clear what's right
472 * here - should this be an error? should it just
473 * increase a counter, hmm. For right now, we return
474 * 0 - I don't believe that to be "right". we could
475 * call the gorpy openssl lib error handlers that
476 * print messages to users of the library. hmm..
477 */
478
479 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
480 ret = 0;
481 } else {
482 ret = 1;
483 }
484 put_dev_crypto(state->d_fd);
485 state->d_fd = -1;
486
487 return (ret);
488}
489
490/*
491 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
492 * gets called when libcrypto requests a cipher NID.
493 */
494
495/* RC4 */
496const EVP_CIPHER cryptodev_rc4 = {
497 NID_rc4,
498 1, 16, 0,
499 EVP_CIPH_VARIABLE_LENGTH,
500 cryptodev_init_key,
501 cryptodev_cipher,
502 cryptodev_cleanup,
503 sizeof(struct dev_crypto_state),
504 NULL,
505 NULL,
506 NULL
507};
508
509/* DES CBC EVP */
510const EVP_CIPHER cryptodev_des_cbc = {
511 NID_des_cbc,
512 8, 8, 8,
513 EVP_CIPH_CBC_MODE,
514 cryptodev_init_key,
515 cryptodev_cipher,
516 cryptodev_cleanup,
517 sizeof(struct dev_crypto_state),
518 EVP_CIPHER_set_asn1_iv,
519 EVP_CIPHER_get_asn1_iv,
520 NULL
521};
522
523/* 3DES CBC EVP */
524const EVP_CIPHER cryptodev_3des_cbc = {
525 NID_des_ede3_cbc,
526 8, 24, 8,
527 EVP_CIPH_CBC_MODE,
528 cryptodev_init_key,
529 cryptodev_cipher,
530 cryptodev_cleanup,
531 sizeof(struct dev_crypto_state),
532 EVP_CIPHER_set_asn1_iv,
533 EVP_CIPHER_get_asn1_iv,
534 NULL
535};
536
537const EVP_CIPHER cryptodev_bf_cbc = {
538 NID_bf_cbc,
539 8, 16, 8,
540 EVP_CIPH_CBC_MODE,
541 cryptodev_init_key,
542 cryptodev_cipher,
543 cryptodev_cleanup,
544 sizeof(struct dev_crypto_state),
545 EVP_CIPHER_set_asn1_iv,
546 EVP_CIPHER_get_asn1_iv,
547 NULL
548};
549
550const EVP_CIPHER cryptodev_cast_cbc = {
551 NID_cast5_cbc,
552 8, 16, 8,
553 EVP_CIPH_CBC_MODE,
554 cryptodev_init_key,
555 cryptodev_cipher,
556 cryptodev_cleanup,
557 sizeof(struct dev_crypto_state),
558 EVP_CIPHER_set_asn1_iv,
559 EVP_CIPHER_get_asn1_iv,
560 NULL
561};
562
563const EVP_CIPHER cryptodev_aes_cbc = {
564 NID_aes_128_cbc,
565 16, 16, 16,
566 EVP_CIPH_CBC_MODE,
567 cryptodev_init_key,
568 cryptodev_cipher,
569 cryptodev_cleanup,
570 sizeof(struct dev_crypto_state),
571 EVP_CIPHER_set_asn1_iv,
572 EVP_CIPHER_get_asn1_iv,
573 NULL
574};
575
576const EVP_CIPHER cryptodev_aes_192_cbc = {
577 NID_aes_192_cbc,
578 16, 24, 16,
579 EVP_CIPH_CBC_MODE,
580 cryptodev_init_key,
581 cryptodev_cipher,
582 cryptodev_cleanup,
583 sizeof(struct dev_crypto_state),
584 EVP_CIPHER_set_asn1_iv,
585 EVP_CIPHER_get_asn1_iv,
586 NULL
587};
588
589const EVP_CIPHER cryptodev_aes_256_cbc = {
590 NID_aes_256_cbc,
591 16, 32, 16,
592 EVP_CIPH_CBC_MODE,
593 cryptodev_init_key,
594 cryptodev_cipher,
595 cryptodev_cleanup,
596 sizeof(struct dev_crypto_state),
597 EVP_CIPHER_set_asn1_iv,
598 EVP_CIPHER_get_asn1_iv,
599 NULL
600};
601
602/*
603 * Registered by the ENGINE when used to find out how to deal with
604 * a particular NID in the ENGINE. this says what we'll do at the
605 * top level - note, that list is restricted by what we answer with
606 */
607static int
608cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
609 const int **nids, int nid)
610{
611 if (!cipher)
612 return (cryptodev_usable_ciphers(nids));
613
614 switch (nid) {
615 case NID_rc4:
616 *cipher = &cryptodev_rc4;
617 break;
618 case NID_des_ede3_cbc:
619 *cipher = &cryptodev_3des_cbc;
620 break;
621 case NID_des_cbc:
622 *cipher = &cryptodev_des_cbc;
623 break;
624 case NID_bf_cbc:
625 *cipher = &cryptodev_bf_cbc;
626 break;
627 case NID_cast5_cbc:
628 *cipher = &cryptodev_cast_cbc;
629 break;
630 case NID_aes_128_cbc:
631 *cipher = &cryptodev_aes_cbc;
632 break;
633 case NID_aes_192_cbc:
634 *cipher = &cryptodev_aes_192_cbc;
635 break;
636 case NID_aes_256_cbc:
637 *cipher = &cryptodev_aes_256_cbc;
638 break;
639 default:
640 *cipher = NULL;
641 break;
642 }
643 return (*cipher != NULL);
644}
645
646
647#ifdef USE_CRYPTODEV_DIGESTS
648
649/* convert digest type to cryptodev */
650static int
651digest_nid_to_cryptodev(int nid)
652{
653 int i;
654
655 for (i = 0; digests[i].id; i++)
656 if (digests[i].nid == nid)
657 return (digests[i].id);
658 return (0);
659}
660
661
662static int
663digest_key_length(int nid)
664{
665 int i;
666
667 for (i = 0; digests[i].id; i++)
668 if (digests[i].nid == nid)
669 return digests[i].keylen;
670 return (0);
671}
672
673
674static int cryptodev_digest_init(EVP_MD_CTX *ctx)
675{
676 struct dev_crypto_state *state = ctx->md_data;
677 struct session_op *sess = &state->d_sess;
678 int digest;
679
680 if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
681 printf("cryptodev_digest_init: Can't get digest \n");
682 return (0);
683 }
684
685 memset(state, 0, sizeof(struct dev_crypto_state));
686
687 if ((state->d_fd = get_dev_crypto()) < 0) {
688 printf("cryptodev_digest_init: Can't get Dev \n");
689 return (0);
690 }
691
692 sess->mackey = state->dummy_mac_key;
693 sess->mackeylen = digest_key_length(ctx->digest->type);
694 sess->mac = digest;
695
696 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
697 put_dev_crypto(state->d_fd);
698 state->d_fd = -1;
699 printf("cryptodev_digest_init: Open session failed\n");
700 return (0);
701 }
702
703 return (1);
704}
705
706static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
707 size_t count)
708{
709 struct crypt_op cryp;
710 struct dev_crypto_state *state = ctx->md_data;
711 struct session_op *sess = &state->d_sess;
712
713 if (!data || state->d_fd < 0) {
714 printf("cryptodev_digest_update: illegal inputs \n");
715 return (0);
716 }
717
718 if (!count) {
719 return (0);
720 }
721
722 if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
723 /* if application doesn't support one buffer */
724 state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
725
726 if (!state->mac_data) {
727 printf("cryptodev_digest_update: realloc failed\n");
728 return (0);
729 }
730
731 memcpy(state->mac_data + state->mac_len, data, count);
732 state->mac_len += count;
733
734 return (1);
735 }
736
737 memset(&cryp, 0, sizeof(cryp));
738
739 cryp.ses = sess->ses;
740 cryp.flags = 0;
741 cryp.len = count;
742 cryp.src = (caddr_t) data;
743 cryp.dst = NULL;
744 cryp.mac = (caddr_t) state->digest_res;
745 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
746 printf("cryptodev_digest_update: digest failed\n");
747 return (0);
748 }
749 return (1);
750}
751
752
753static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
754{
755 struct crypt_op cryp;
756 struct dev_crypto_state *state = ctx->md_data;
757 struct session_op *sess = &state->d_sess;
758
759 int ret = 1;
760
761 if (!md || state->d_fd < 0) {
762 printf("cryptodev_digest_final: illegal input\n");
763 return(0);
764 }
765
766 if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
767 /* if application doesn't support one buffer */
768 memset(&cryp, 0, sizeof(cryp));
769 cryp.ses = sess->ses;
770 cryp.flags = 0;
771 cryp.len = state->mac_len;
772 cryp.src = state->mac_data;
773 cryp.dst = NULL;
774 cryp.mac = (caddr_t)md;
775 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
776 printf("cryptodev_digest_final: digest failed\n");
777 return (0);
778 }
779
780 return 1;
781 }
782
783 memcpy(md, state->digest_res, ctx->digest->md_size);
784
785 return (ret);
786}
787
788
789static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
790{
791 int ret = 1;
792 struct dev_crypto_state *state = ctx->md_data;
793 struct session_op *sess = &state->d_sess;
794
795 if (state == NULL)
796 return 0;
797
798 if (state->d_fd < 0) {
799 printf("cryptodev_digest_cleanup: illegal input\n");
800 return (0);
801 }
802
803 if (state->mac_data) {
804 OPENSSL_free(state->mac_data);
805 state->mac_data = NULL;
806 state->mac_len = 0;
807 }
808
809 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
810 printf("cryptodev_digest_cleanup: failed to close session\n");
811 ret = 0;
812 } else {
813 ret = 1;
814 }
815 put_dev_crypto(state->d_fd);
816 state->d_fd = -1;
817
818 return (ret);
819}
820
821static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
822{
823 struct dev_crypto_state *fstate = from->md_data;
824 struct dev_crypto_state *dstate = to->md_data;
825 struct session_op *sess;
826 int digest;
827
828 if (dstate == NULL || fstate == NULL)
829 return 1;
830
831 memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
832
833 sess = &dstate->d_sess;
834
835 digest = digest_nid_to_cryptodev(to->digest->type);
836
837 sess->mackey = dstate->dummy_mac_key;
838 sess->mackeylen = digest_key_length(to->digest->type);
839 sess->mac = digest;
840
841 dstate->d_fd = get_dev_crypto();
842
843 if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
844 put_dev_crypto(dstate->d_fd);
845 dstate->d_fd = -1;
846 printf("cryptodev_digest_init: Open session failed\n");
847 return (0);
848 }
849
850 if (fstate->mac_len != 0) {
851 if (fstate->mac_data != NULL)
852 {
853 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
854 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
855 dstate->mac_len = fstate->mac_len;
856 }
857 }
858
859 return 1;
860}
861
862
863const EVP_MD cryptodev_sha1 = {
864 NID_sha1,
865 NID_undef,
866 SHA_DIGEST_LENGTH,
867 EVP_MD_FLAG_ONESHOT,
868 cryptodev_digest_init,
869 cryptodev_digest_update,
870 cryptodev_digest_final,
871 cryptodev_digest_copy,
872 cryptodev_digest_cleanup,
873 EVP_PKEY_NULL_method,
874 SHA_CBLOCK,
875 sizeof(struct dev_crypto_state),
876};
877
878const EVP_MD cryptodev_md5 = {
879 NID_md5,
880 NID_undef,
881 16 /* MD5_DIGEST_LENGTH */,
882 EVP_MD_FLAG_ONESHOT,
883 cryptodev_digest_init,
884 cryptodev_digest_update,
885 cryptodev_digest_final,
886 cryptodev_digest_copy,
887 cryptodev_digest_cleanup,
888 EVP_PKEY_NULL_method,
889 64 /* MD5_CBLOCK */,
890 sizeof(struct dev_crypto_state),
891};
892
893#endif /* USE_CRYPTODEV_DIGESTS */
894
895
896static int
897cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
898 const int **nids, int nid)
899{
900 if (!digest)
901 return (cryptodev_usable_digests(nids));
902
903 switch (nid) {
904#ifdef USE_CRYPTODEV_DIGESTS
905 case NID_md5:
906 *digest = &cryptodev_md5;
907 break;
908 case NID_sha1:
909 *digest = &cryptodev_sha1;
910 break;
911 default:
912#endif /* USE_CRYPTODEV_DIGESTS */
913 *digest = NULL;
914 break;
915 }
916 return (*digest != NULL);
917}
918
919/*
920 * Convert a BIGNUM to the representation that /dev/crypto needs.
921 * Upon completion of use, the caller is responsible for freeing
922 * crp->crp_p.
923 */
924static int
925bn2crparam(const BIGNUM *a, struct crparam *crp)
926{
927 int i, j, k;
928 ssize_t bytes, bits;
929 u_char *b;
930
931 crp->crp_p = NULL;
932 crp->crp_nbits = 0;
933
934 bits = BN_num_bits(a);
935 bytes = (bits + 7) / 8;
936
937 b = malloc(bytes);
938 if (b == NULL)
939 return (1);
940 memset(b, 0, bytes);
941
942 crp->crp_p = (caddr_t) b;
943 crp->crp_nbits = bits;
944
945 for (i = 0, j = 0; i < a->top; i++) {
946 for (k = 0; k < BN_BITS2 / 8; k++) {
947 if ((j + k) >= bytes)
948 return (0);
949 b[j + k] = a->d[i] >> (k * 8);
950 }
951 j += BN_BITS2 / 8;
952 }
953 return (0);
954}
955
956/* Convert a /dev/crypto parameter to a BIGNUM */
957static int
958crparam2bn(struct crparam *crp, BIGNUM *a)
959{
960 u_int8_t *pd;
961 int i, bytes;
962
963 bytes = (crp->crp_nbits + 7) / 8;
964
965 if (bytes == 0)
966 return (-1);
967
968 if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
969 return (-1);
970
971 for (i = 0; i < bytes; i++)
972 pd[i] = crp->crp_p[bytes - i - 1];
973
974 BN_bin2bn(pd, bytes, a);
975 free(pd);
976
977 return (0);
978}
979
980static void
981zapparams(struct crypt_kop *kop)
982{
983 int i;
984
985 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
986 if (kop->crk_param[i].crp_p)
987 free(kop->crk_param[i].crp_p);
988 kop->crk_param[i].crp_p = NULL;
989 kop->crk_param[i].crp_nbits = 0;
990 }
991}
992
993static int
994cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
995{
996 int fd, ret = -1;
997
998 if ((fd = get_asym_dev_crypto()) < 0)
999 return (ret);
1000
1001 if (r) {
1002 kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
1003 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
1004 kop->crk_oparams++;
1005 }
1006 if (s) {
1007 kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
1008 kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
1009 kop->crk_oparams++;
1010 }
1011
1012 if (ioctl(fd, CIOCKEY, kop) == 0) {
1013 if (r)
1014 crparam2bn(&kop->crk_param[kop->crk_iparams], r);
1015 if (s)
1016 crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
1017 ret = 0;
1018 }
1019
1020 return (ret);
1021}
1022
1023static int
1024cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1025 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
1026{
1027 struct crypt_kop kop;
1028 int ret = 1;
1029
1030 /* Currently, we know we can do mod exp iff we can do any
1031 * asymmetric operations at all.
1032 */
1033 if (cryptodev_asymfeat == 0) {
1034 ret = BN_mod_exp(r, a, p, m, ctx);
1035 return (ret);
1036 }
1037
1038 memset(&kop, 0, sizeof kop);
1039 kop.crk_op = CRK_MOD_EXP;
1040
1041 /* inputs: a^p % m */
1042 if (bn2crparam(a, &kop.crk_param[0]))
1043 goto err;
1044 if (bn2crparam(p, &kop.crk_param[1]))
1045 goto err;
1046 if (bn2crparam(m, &kop.crk_param[2]))
1047 goto err;
1048 kop.crk_iparams = 3;
1049
1050 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
1051 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1052 printf("OCF asym process failed, Running in software\n");
1053 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
1054
1055 } else if (ECANCELED == kop.crk_status) {
1056 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1057 printf("OCF hardware operation cancelled. Running in Software\n");
1058 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
1059 }
1060 /* else cryptodev operation worked ok ==> ret = 1*/
1061
1062err:
1063 zapparams(&kop);
1064 return (ret);
1065}
1066
1067static int
1068cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1069{
1070 int r;
1071 ctx = BN_CTX_new();
1072 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
1073 BN_CTX_free(ctx);
1074 return (r);
1075}
1076
1077static int
1078cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1079{
1080 struct crypt_kop kop;
1081 int ret = 1;
1082
1083 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
1084 /* XXX 0 means failure?? */
1085 return (0);
1086 }
1087
1088 memset(&kop, 0, sizeof kop);
1089 kop.crk_op = CRK_MOD_EXP_CRT;
1090 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
1091 if (bn2crparam(rsa->p, &kop.crk_param[0]))
1092 goto err;
1093 if (bn2crparam(rsa->q, &kop.crk_param[1]))
1094 goto err;
1095 if (bn2crparam(I, &kop.crk_param[2]))
1096 goto err;
1097 if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
1098 goto err;
1099 if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
1100 goto err;
1101 if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
1102 goto err;
1103 kop.crk_iparams = 6;
1104
1105 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
1106 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1107 printf("OCF asym process failed, running in Software\n");
1108 ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
1109
1110 } else if (ECANCELED == kop.crk_status) {
1111 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1112 printf("OCF hardware operation cancelled. Running in Software\n");
1113 ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
1114 }
1115 /* else cryptodev operation worked ok ==> ret = 1*/
1116
1117err:
1118 zapparams(&kop);
1119 return (ret);
1120}
1121
1122static RSA_METHOD cryptodev_rsa = {
1123 "cryptodev RSA method",
1124 NULL, /* rsa_pub_enc */
1125 NULL, /* rsa_pub_dec */
1126 NULL, /* rsa_priv_enc */
1127 NULL, /* rsa_priv_dec */
1128 NULL,
1129 NULL,
1130 NULL, /* init */
1131 NULL, /* finish */
1132 0, /* flags */
1133 NULL, /* app_data */
1134 NULL, /* rsa_sign */
1135 NULL /* rsa_verify */
1136};
1137
1138static int
1139cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
1140 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1141{
1142 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1143}
1144
1145static int
1146cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
1147 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
1148 BN_CTX *ctx, BN_MONT_CTX *mont)
1149{
1150 BIGNUM t2;
1151 int ret = 0;
1152
1153 BN_init(&t2);
1154
1155 /* v = ( g^u1 * y^u2 mod p ) mod q */
1156 /* let t1 = g ^ u1 mod p */
1157 ret = 0;
1158
1159 if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
1160 goto err;
1161
1162 /* let t2 = y ^ u2 mod p */
1163 if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
1164 goto err;
1165 /* let u1 = t1 * t2 mod p */
1166 if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
1167 goto err;
1168
1169 BN_copy(t1,u1);
1170
1171 ret = 1;
1172err:
1173 BN_free(&t2);
1174 return(ret);
1175}
1176
1177static DSA_SIG *
1178cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
1179{
1180 struct crypt_kop kop;
1181 BIGNUM *r = NULL, *s = NULL;
1182 DSA_SIG *dsaret = NULL;
1183
1184 if ((r = BN_new()) == NULL)
1185 goto err;
1186 if ((s = BN_new()) == NULL) {
1187 BN_free(r);
1188 goto err;
1189 }
1190
1191 memset(&kop, 0, sizeof kop);
1192 kop.crk_op = CRK_DSA_SIGN;
1193
1194 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1195 kop.crk_param[0].crp_p = (caddr_t)dgst;
1196 kop.crk_param[0].crp_nbits = dlen * 8;
1197 if (bn2crparam(dsa->p, &kop.crk_param[1]))
1198 goto err;
1199 if (bn2crparam(dsa->q, &kop.crk_param[2]))
1200 goto err;
1201 if (bn2crparam(dsa->g, &kop.crk_param[3]))
1202 goto err;
1203 if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
1204 goto err;
1205 kop.crk_iparams = 5;
1206
1207 if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
1208 BN_num_bytes(dsa->q), s) == 0) {
1209 dsaret = DSA_SIG_new();
1210 dsaret->r = r;
1211 dsaret->s = s;
1212 } else {
1213 const DSA_METHOD *meth = DSA_OpenSSL();
1214 BN_free(r);
1215 BN_free(s);
1216 dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
1217 }
1218err:
1219 kop.crk_param[0].crp_p = NULL;
1220 zapparams(&kop);
1221 return (dsaret);
1222}
1223
1224static int
1225cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
1226 DSA_SIG *sig, DSA *dsa)
1227{
1228 struct crypt_kop kop;
1229 int dsaret = 1;
1230
1231 memset(&kop, 0, sizeof kop);
1232 kop.crk_op = CRK_DSA_VERIFY;
1233
1234 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
1235 kop.crk_param[0].crp_p = (caddr_t)dgst;
1236 kop.crk_param[0].crp_nbits = dlen * 8;
1237 if (bn2crparam(dsa->p, &kop.crk_param[1]))
1238 goto err;
1239 if (bn2crparam(dsa->q, &kop.crk_param[2]))
1240 goto err;
1241 if (bn2crparam(dsa->g, &kop.crk_param[3]))
1242 goto err;
1243 if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
1244 goto err;
1245 if (bn2crparam(sig->r, &kop.crk_param[5]))
1246 goto err;
1247 if (bn2crparam(sig->s, &kop.crk_param[6]))
1248 goto err;
1249 kop.crk_iparams = 7;
1250
1251 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1252/*OCF success value is 0, if not zero, change dsaret to fail*/
1253 if(0 != kop.crk_status) dsaret = 0;
1254 } else {
1255 const DSA_METHOD *meth = DSA_OpenSSL();
1256
1257 dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
1258 }
1259err:
1260 kop.crk_param[0].crp_p = NULL;
1261 zapparams(&kop);
1262 return (dsaret);
1263}
1264
1265static DSA_METHOD cryptodev_dsa = {
1266 "cryptodev DSA method",
1267 NULL,
1268 NULL, /* dsa_sign_setup */
1269 NULL,
1270 NULL, /* dsa_mod_exp */
1271 NULL,
1272 NULL, /* init */
1273 NULL, /* finish */
1274 0, /* flags */
1275 NULL /* app_data */
1276};
1277
1278static int
1279cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
1280 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1281 BN_MONT_CTX *m_ctx)
1282{
1283 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1284}
1285
1286static int
1287cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1288{
1289 struct crypt_kop kop;
1290 int dhret = 1;
1291 int fd, keylen;
1292
1293 if ((fd = get_asym_dev_crypto()) < 0) {
1294 const DH_METHOD *meth = DH_OpenSSL();
1295
1296 return ((meth->compute_key)(key, pub_key, dh));
1297 }
1298
1299 keylen = BN_num_bits(dh->p);
1300
1301 memset(&kop, 0, sizeof kop);
1302 kop.crk_op = CRK_DH_COMPUTE_KEY;
1303
1304 /* inputs: dh->priv_key pub_key dh->p key */
1305 if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1306 goto err;
1307 if (bn2crparam(pub_key, &kop.crk_param[1]))
1308 goto err;
1309 if (bn2crparam(dh->p, &kop.crk_param[2]))
1310 goto err;
1311 kop.crk_iparams = 3;
1312
1313 kop.crk_param[3].crp_p = (caddr_t) key;
1314 kop.crk_param[3].crp_nbits = keylen * 8;
1315 kop.crk_oparams = 1;
1316
1317 if (ioctl(fd, CIOCKEY, &kop) == -1) {
1318 const DH_METHOD *meth = DH_OpenSSL();
1319
1320 dhret = (meth->compute_key)(key, pub_key, dh);
1321 }
1322err:
1323 kop.crk_param[3].crp_p = NULL;
1324 zapparams(&kop);
1325 return (dhret);
1326}
1327
1328static DH_METHOD cryptodev_dh = {
1329 "cryptodev DH method",
1330 NULL, /* cryptodev_dh_generate_key */
1331 NULL,
1332 NULL,
1333 NULL,
1334 NULL,
1335 0, /* flags */
1336 NULL /* app_data */
1337};
1338
1339/*
1340 * ctrl right now is just a wrapper that doesn't do much
1341 * but I expect we'll want some options soon.
1342 */
1343static int
1344cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
1345{
1346#ifdef HAVE_SYSLOG_R
1347 struct syslog_data sd = SYSLOG_DATA_INIT;
1348#endif
1349
1350 switch (cmd) {
1351 default:
1352#ifdef HAVE_SYSLOG_R
1353 syslog_r(LOG_ERR, &sd,
1354 "cryptodev_ctrl: unknown command %d", cmd);
1355#else
1356 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1357#endif
1358 break;
1359 }
1360 return (1);
1361}
1362
1363void
1364ENGINE_load_cryptodev(void)
1365{
1366 ENGINE *engine = ENGINE_new();
1367 int fd;
1368
1369 if (engine == NULL)
1370 return;
1371 if ((fd = get_dev_crypto()) < 0) {
1372 ENGINE_free(engine);
1373 return;
1374 }
1375
1376 /*
1377 * find out what asymmetric crypto algorithms we support
1378 */
1379 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1380 put_dev_crypto(fd);
1381 ENGINE_free(engine);
1382 return;
1383 }
1384 put_dev_crypto(fd);
1385
1386 if (!ENGINE_set_id(engine, "cryptodev") ||
1387 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
1388 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
1389 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
1390 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
1391 !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
1392 ENGINE_free(engine);
1393 return;
1394 }
1395
1396 if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
1397 const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
1398
1399 cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
1400 cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
1401 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
1402 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
1403 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
1404 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1405 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1406 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1407 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1408 cryptodev_rsa.rsa_mod_exp =
1409 cryptodev_rsa_mod_exp;
1410 else
1411 cryptodev_rsa.rsa_mod_exp =
1412 cryptodev_rsa_nocrt_mod_exp;
1413 }
1414 }
1415
1416 if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
1417 const DSA_METHOD *meth = DSA_OpenSSL();
1418
1419 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1420 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1421 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1422 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1423 cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1424 cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
1425 }
1426 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1427 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1428 }
1429
1430 if (ENGINE_set_DH(engine, &cryptodev_dh)){
1431 const DH_METHOD *dh_meth = DH_OpenSSL();
1432
1433 cryptodev_dh.generate_key = dh_meth->generate_key;
1434 cryptodev_dh.compute_key = dh_meth->compute_key;
1435 cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1436 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1437 cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1438 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1439 cryptodev_dh.compute_key =
1440 cryptodev_dh_compute_key;
1441 }
1442 }
1443
1444 ENGINE_add(engine);
1445 ENGINE_free(engine);
1446 ERR_clear_error();
1447}
1448
1449#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libssl/src/crypto/engine/eng_padlock.c b/src/lib/libssl/src/crypto/engine/eng_padlock.c
index 743558ab33..9f7a85a8da 100644
--- a/src/lib/libssl/src/crypto/engine/eng_padlock.c
+++ b/src/lib/libssl/src/crypto/engine/eng_padlock.c
@@ -104,10 +104,14 @@
104# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ 104# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
105 (defined(_MSC_VER) && defined(_M_IX86)) 105 (defined(_MSC_VER) && defined(_M_IX86))
106# define COMPILE_HW_PADLOCK 106# define COMPILE_HW_PADLOCK
107static ENGINE *ENGINE_padlock (void);
108# endif 107# endif
109#endif 108#endif
110 109
110#ifdef OPENSSL_NO_DYNAMIC_ENGINE
111#ifdef COMPILE_HW_PADLOCK
112static ENGINE *ENGINE_padlock (void);
113#endif
114
111void ENGINE_load_padlock (void) 115void ENGINE_load_padlock (void)
112{ 116{
113/* On non-x86 CPUs it just returns. */ 117/* On non-x86 CPUs it just returns. */
@@ -120,17 +124,21 @@ void ENGINE_load_padlock (void)
120#endif 124#endif
121} 125}
122 126
127#endif
128
123#ifdef COMPILE_HW_PADLOCK 129#ifdef COMPILE_HW_PADLOCK
124/* We do these includes here to avoid header problems on platforms that 130/* We do these includes here to avoid header problems on platforms that
125 do not have the VIA padlock anyway... */ 131 do not have the VIA padlock anyway... */
126#ifdef _MSC_VER 132#include <stdlib.h>
133#ifdef _WIN32
127# include <malloc.h> 134# include <malloc.h>
128# define alloca _alloca 135# ifndef alloca
129#elif defined(NETWARE_CLIB) && defined(__GNUC__) 136# define alloca _alloca
130 void *alloca(size_t); 137# endif
131# define alloca(s) __builtin_alloca(s) 138#elif defined(__GNUC__)
132#else 139# ifndef alloca
133# include <stdlib.h> 140# define alloca(s) __builtin_alloca(s)
141# endif
134#endif 142#endif
135 143
136/* Function for ENGINE detection and control */ 144/* Function for ENGINE detection and control */
@@ -191,6 +199,8 @@ padlock_bind_helper(ENGINE *e)
191 return 1; 199 return 1;
192} 200}
193 201
202#ifdef OPENSSL_NO_DYNAMIC_ENGINE
203
194/* Constructor */ 204/* Constructor */
195static ENGINE * 205static ENGINE *
196ENGINE_padlock(void) 206ENGINE_padlock(void)
@@ -209,6 +219,8 @@ ENGINE_padlock(void)
209 return eng; 219 return eng;
210} 220}
211 221
222#endif
223
212/* Check availability of the engine */ 224/* Check availability of the engine */
213static int 225static int
214padlock_init(ENGINE *e) 226padlock_init(ENGINE *e)
@@ -234,7 +246,7 @@ padlock_bind_fn(ENGINE *e, const char *id)
234 return 1; 246 return 1;
235} 247}
236 248
237IMPLEMENT_DYNAMIC_CHECK_FN () 249IMPLEMENT_DYNAMIC_CHECK_FN()
238IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn) 250IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
239#endif /* DYNAMIC_ENGINE */ 251#endif /* DYNAMIC_ENGINE */
240 252
@@ -1213,6 +1225,14 @@ static RAND_METHOD padlock_rand = {
1213 padlock_rand_status, /* rand status */ 1225 padlock_rand_status, /* rand status */
1214}; 1226};
1215 1227
1228#else /* !COMPILE_HW_PADLOCK */
1229#ifndef OPENSSL_NO_DYNAMIC_ENGINE
1230OPENSSL_EXPORT
1231int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
1232OPENSSL_EXPORT
1233int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
1234IMPLEMENT_DYNAMIC_CHECK_FN()
1235#endif
1216#endif /* COMPILE_HW_PADLOCK */ 1236#endif /* COMPILE_HW_PADLOCK */
1217 1237
1218#endif /* !OPENSSL_NO_HW_PADLOCK */ 1238#endif /* !OPENSSL_NO_HW_PADLOCK */
diff --git a/src/lib/libssl/src/crypto/engine/eng_padlock.ec b/src/lib/libssl/src/crypto/engine/eng_padlock.ec
new file mode 100644
index 0000000000..a0e7cbd60d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/engine/eng_padlock.ec
@@ -0,0 +1 @@
L PADLOCK eng_padlock_err.h eng_padlock_err.c
diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile
index d48b8cdf22..f2a5af220b 100644
--- a/src/lib/libssl/src/engines/Makefile
+++ b/src/lib/libssl/src/engines/Makefile
@@ -26,10 +26,10 @@ TEST=
26APPS= 26APPS=
27 27
28LIB=$(TOP)/libcrypto.a 28LIB=$(TOP)/libcrypto.a
29LIBNAMES= padlock 29LIBNAMES=
30 30
31LIBSRC= e_padlock.c 31LIBSRC=
32LIBOBJ= e_padlock.o 32LIBOBJ=
33 33
34SRC= $(LIBSRC) 34SRC= $(LIBSRC)
35 35
diff --git a/src/lib/libssl/src/engines/e_padlock.c b/src/lib/libssl/src/engines/e_padlock.c
deleted file mode 100644
index 9f7a85a8da..0000000000
--- a/src/lib/libssl/src/engines/e_padlock.c
+++ /dev/null
@@ -1,1239 +0,0 @@
1/*
2 * Support for VIA PadLock Advanced Cryptography Engine (ACE)
3 * Written by Michal Ludvig <michal@logix.cz>
4 * http://www.logix.cz/michal
5 *
6 * Big thanks to Andy Polyakov for a help with optimization,
7 * assembler fixes, port to MS Windows and a lot of other
8 * valuable work on this engine!
9 */
10
11/* ====================================================================
12 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 *
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in
23 * the documentation and/or other materials provided with the
24 * distribution.
25 *
26 * 3. All advertising materials mentioning features or use of this
27 * software must display the following acknowledgment:
28 * "This product includes software developed by the OpenSSL Project
29 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
30 *
31 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
32 * endorse or promote products derived from this software without
33 * prior written permission. For written permission, please contact
34 * licensing@OpenSSL.org.
35 *
36 * 5. Products derived from this software may not be called "OpenSSL"
37 * nor may "OpenSSL" appear in their names without prior written
38 * permission of the OpenSSL Project.
39 *
40 * 6. Redistributions of any form whatsoever must retain the following
41 * acknowledgment:
42 * "This product includes software developed by the OpenSSL Project
43 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
46 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
48 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
49 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
50 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
51 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
52 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
54 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
56 * OF THE POSSIBILITY OF SUCH DAMAGE.
57 * ====================================================================
58 *
59 * This product includes cryptographic software written by Eric Young
60 * (eay@cryptsoft.com). This product includes software written by Tim
61 * Hudson (tjh@cryptsoft.com).
62 *
63 */
64
65
66#include <stdio.h>
67#include <string.h>
68
69#include <openssl/opensslconf.h>
70#include <openssl/crypto.h>
71#include <openssl/dso.h>
72#include <openssl/engine.h>
73#include <openssl/evp.h>
74#ifndef OPENSSL_NO_AES
75#include <openssl/aes.h>
76#endif
77#include <openssl/rand.h>
78#include <openssl/err.h>
79
80#ifndef OPENSSL_NO_HW
81#ifndef OPENSSL_NO_HW_PADLOCK
82
83/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
84#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
85# ifndef OPENSSL_NO_DYNAMIC_ENGINE
86# define DYNAMIC_ENGINE
87# endif
88#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
89# ifdef ENGINE_DYNAMIC_SUPPORT
90# define DYNAMIC_ENGINE
91# endif
92#else
93# error "Only OpenSSL >= 0.9.7 is supported"
94#endif
95
96/* VIA PadLock AES is available *ONLY* on some x86 CPUs.
97 Not only that it doesn't exist elsewhere, but it
98 even can't be compiled on other platforms!
99
100 In addition, because of the heavy use of inline assembler,
101 compiler choice is limited to GCC and Microsoft C. */
102#undef COMPILE_HW_PADLOCK
103#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
104# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
105 (defined(_MSC_VER) && defined(_M_IX86))
106# define COMPILE_HW_PADLOCK
107# endif
108#endif
109
110#ifdef OPENSSL_NO_DYNAMIC_ENGINE
111#ifdef COMPILE_HW_PADLOCK
112static ENGINE *ENGINE_padlock (void);
113#endif
114
115void ENGINE_load_padlock (void)
116{
117/* On non-x86 CPUs it just returns. */
118#ifdef COMPILE_HW_PADLOCK
119 ENGINE *toadd = ENGINE_padlock ();
120 if (!toadd) return;
121 ENGINE_add (toadd);
122 ENGINE_free (toadd);
123 ERR_clear_error ();
124#endif
125}
126
127#endif
128
129#ifdef COMPILE_HW_PADLOCK
130/* We do these includes here to avoid header problems on platforms that
131 do not have the VIA padlock anyway... */
132#include <stdlib.h>
133#ifdef _WIN32
134# include <malloc.h>
135# ifndef alloca
136# define alloca _alloca
137# endif
138#elif defined(__GNUC__)
139# ifndef alloca
140# define alloca(s) __builtin_alloca(s)
141# endif
142#endif
143
144/* Function for ENGINE detection and control */
145static int padlock_available(void);
146static int padlock_init(ENGINE *e);
147
148/* RNG Stuff */
149static RAND_METHOD padlock_rand;
150
151/* Cipher Stuff */
152#ifndef OPENSSL_NO_AES
153static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
154#endif
155
156/* Engine names */
157static const char *padlock_id = "padlock";
158static char padlock_name[100];
159
160/* Available features */
161static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
162static int padlock_use_rng = 0; /* Random Number Generator */
163#ifndef OPENSSL_NO_AES
164static int padlock_aes_align_required = 1;
165#endif
166
167/* ===== Engine "management" functions ===== */
168
169/* Prepare the ENGINE structure for registration */
170static int
171padlock_bind_helper(ENGINE *e)
172{
173 /* Check available features */
174 padlock_available();
175
176#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */
177 padlock_use_rng=0;
178#endif
179
180 /* Generate a nice engine name with available features */
181 BIO_snprintf(padlock_name, sizeof(padlock_name),
182 "VIA PadLock (%s, %s)",
183 padlock_use_rng ? "RNG" : "no-RNG",
184 padlock_use_ace ? "ACE" : "no-ACE");
185
186 /* Register everything or return with an error */
187 if (!ENGINE_set_id(e, padlock_id) ||
188 !ENGINE_set_name(e, padlock_name) ||
189
190 !ENGINE_set_init_function(e, padlock_init) ||
191#ifndef OPENSSL_NO_AES
192 (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
193#endif
194 (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
195 return 0;
196 }
197
198 /* Everything looks good */
199 return 1;
200}
201
202#ifdef OPENSSL_NO_DYNAMIC_ENGINE
203
204/* Constructor */
205static ENGINE *
206ENGINE_padlock(void)
207{
208 ENGINE *eng = ENGINE_new();
209
210 if (!eng) {
211 return NULL;
212 }
213
214 if (!padlock_bind_helper(eng)) {
215 ENGINE_free(eng);
216 return NULL;
217 }
218
219 return eng;
220}
221
222#endif
223
224/* Check availability of the engine */
225static int
226padlock_init(ENGINE *e)
227{
228 return (padlock_use_rng || padlock_use_ace);
229}
230
231/* This stuff is needed if this ENGINE is being compiled into a self-contained
232 * shared-library.
233 */
234#ifdef DYNAMIC_ENGINE
235static int
236padlock_bind_fn(ENGINE *e, const char *id)
237{
238 if (id && (strcmp(id, padlock_id) != 0)) {
239 return 0;
240 }
241
242 if (!padlock_bind_helper(e)) {
243 return 0;
244 }
245
246 return 1;
247}
248
249IMPLEMENT_DYNAMIC_CHECK_FN()
250IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
251#endif /* DYNAMIC_ENGINE */
252
253/* ===== Here comes the "real" engine ===== */
254
255#ifndef OPENSSL_NO_AES
256/* Some AES-related constants */
257#define AES_BLOCK_SIZE 16
258#define AES_KEY_SIZE_128 16
259#define AES_KEY_SIZE_192 24
260#define AES_KEY_SIZE_256 32
261
262/* Here we store the status information relevant to the
263 current context. */
264/* BIG FAT WARNING:
265 * Inline assembler in PADLOCK_XCRYPT_ASM()
266 * depends on the order of items in this structure.
267 * Don't blindly modify, reorder, etc!
268 */
269struct padlock_cipher_data
270{
271 unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
272 union { unsigned int pad[4];
273 struct {
274 int rounds:4;
275 int dgst:1; /* n/a in C3 */
276 int align:1; /* n/a in C3 */
277 int ciphr:1; /* n/a in C3 */
278 unsigned int keygen:1;
279 int interm:1;
280 unsigned int encdec:1;
281 int ksize:2;
282 } b;
283 } cword; /* Control word */
284 AES_KEY ks; /* Encryption key */
285};
286
287/*
288 * Essentially this variable belongs in thread local storage.
289 * Having this variable global on the other hand can only cause
290 * few bogus key reloads [if any at all on single-CPU system],
291 * so we accept the penatly...
292 */
293static volatile struct padlock_cipher_data *padlock_saved_context;
294#endif
295
296/*
297 * =======================================================
298 * Inline assembler section(s).
299 * =======================================================
300 * Order of arguments is chosen to facilitate Windows port
301 * using __fastcall calling convention. If you wish to add
302 * more routines, keep in mind that first __fastcall
303 * argument is passed in %ecx and second - in %edx.
304 * =======================================================
305 */
306#if defined(__GNUC__) && __GNUC__>=2
307/*
308 * As for excessive "push %ebx"/"pop %ebx" found all over.
309 * When generating position-independent code GCC won't let
310 * us use "b" in assembler templates nor even respect "ebx"
311 * in "clobber description." Therefore the trouble...
312 */
313
314/* Helper function - check if a CPUID instruction
315 is available on this CPU */
316static int
317padlock_insn_cpuid_available(void)
318{
319 int result = -1;
320
321 /* We're checking if the bit #21 of EFLAGS
322 can be toggled. If yes = CPUID is available. */
323 asm volatile (
324 "pushf\n"
325 "popl %%eax\n"
326 "xorl $0x200000, %%eax\n"
327 "movl %%eax, %%ecx\n"
328 "andl $0x200000, %%ecx\n"
329 "pushl %%eax\n"
330 "popf\n"
331 "pushf\n"
332 "popl %%eax\n"
333 "andl $0x200000, %%eax\n"
334 "xorl %%eax, %%ecx\n"
335 "movl %%ecx, %0\n"
336 : "=r" (result) : : "eax", "ecx");
337
338 return (result == 0);
339}
340
341/* Load supported features of the CPU to see if
342 the PadLock is available. */
343static int
344padlock_available(void)
345{
346 char vendor_string[16];
347 unsigned int eax, edx;
348
349 /* First check if the CPUID instruction is available at all... */
350 if (! padlock_insn_cpuid_available())
351 return 0;
352
353 /* Are we running on the Centaur (VIA) CPU? */
354 eax = 0x00000000;
355 vendor_string[12] = 0;
356 asm volatile (
357 "pushl %%ebx\n"
358 "cpuid\n"
359 "movl %%ebx,(%%edi)\n"
360 "movl %%edx,4(%%edi)\n"
361 "movl %%ecx,8(%%edi)\n"
362 "popl %%ebx"
363 : "+a"(eax) : "D"(vendor_string) : "ecx", "edx");
364 if (strcmp(vendor_string, "CentaurHauls") != 0)
365 return 0;
366
367 /* Check for Centaur Extended Feature Flags presence */
368 eax = 0xC0000000;
369 asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
370 : "+a"(eax) : : "ecx", "edx");
371 if (eax < 0xC0000001)
372 return 0;
373
374 /* Read the Centaur Extended Feature Flags */
375 eax = 0xC0000001;
376 asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
377 : "+a"(eax), "=d"(edx) : : "ecx");
378
379 /* Fill up some flags */
380 padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
381 padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
382
383 return padlock_use_ace + padlock_use_rng;
384}
385
386#ifndef OPENSSL_NO_AES
387/* Our own htonl()/ntohl() */
388static inline void
389padlock_bswapl(AES_KEY *ks)
390{
391 size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
392 unsigned int *key = ks->rd_key;
393
394 while (i--) {
395 asm volatile ("bswapl %0" : "+r"(*key));
396 key++;
397 }
398}
399#endif
400
401/* Force key reload from memory to the CPU microcode.
402 Loading EFLAGS from the stack clears EFLAGS[30]
403 which does the trick. */
404static inline void
405padlock_reload_key(void)
406{
407 asm volatile ("pushfl; popfl");
408}
409
410#ifndef OPENSSL_NO_AES
411/*
412 * This is heuristic key context tracing. At first one
413 * believes that one should use atomic swap instructions,
414 * but it's not actually necessary. Point is that if
415 * padlock_saved_context was changed by another thread
416 * after we've read it and before we compare it with cdata,
417 * our key *shall* be reloaded upon thread context switch
418 * and we are therefore set in either case...
419 */
420static inline void
421padlock_verify_context(struct padlock_cipher_data *cdata)
422{
423 asm volatile (
424 "pushfl\n"
425" btl $30,(%%esp)\n"
426" jnc 1f\n"
427" cmpl %2,%1\n"
428" je 1f\n"
429" popfl\n"
430" subl $4,%%esp\n"
431"1: addl $4,%%esp\n"
432" movl %2,%0"
433 :"+m"(padlock_saved_context)
434 : "r"(padlock_saved_context), "r"(cdata) : "cc");
435}
436
437/* Template for padlock_xcrypt_* modes */
438/* BIG FAT WARNING:
439 * The offsets used with 'leal' instructions
440 * describe items of the 'padlock_cipher_data'
441 * structure.
442 */
443#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
444static inline void *name(size_t cnt, \
445 struct padlock_cipher_data *cdata, \
446 void *out, const void *inp) \
447{ void *iv; \
448 asm volatile ( "pushl %%ebx\n" \
449 " leal 16(%0),%%edx\n" \
450 " leal 32(%0),%%ebx\n" \
451 rep_xcrypt "\n" \
452 " popl %%ebx" \
453 : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
454 : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
455 : "edx", "cc", "memory"); \
456 return iv; \
457}
458
459/* Generate all functions with appropriate opcodes */
460PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */
461PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */
462PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
463PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
464#endif
465
466/* The RNG call itself */
467static inline unsigned int
468padlock_xstore(void *addr, unsigned int edx_in)
469{
470 unsigned int eax_out;
471
472 asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
473 : "=a"(eax_out),"=m"(*(unsigned *)addr)
474 : "D"(addr), "d" (edx_in)
475 );
476
477 return eax_out;
478}
479
480/* Why not inline 'rep movsd'? I failed to find information on what
481 * value in Direction Flag one can expect and consequently have to
482 * apply "better-safe-than-sorry" approach and assume "undefined."
483 * I could explicitly clear it and restore the original value upon
484 * return from padlock_aes_cipher, but it's presumably too much
485 * trouble for too little gain...
486 *
487 * In case you wonder 'rep xcrypt*' instructions above are *not*
488 * affected by the Direction Flag and pointers advance toward
489 * larger addresses unconditionally.
490 */
491static inline unsigned char *
492padlock_memcpy(void *dst,const void *src,size_t n)
493{
494 long *d=dst;
495 const long *s=src;
496
497 n /= sizeof(*d);
498 do { *d++ = *s++; } while (--n);
499
500 return dst;
501}
502
503#elif defined(_MSC_VER)
504/*
505 * Unlike GCC these are real functions. In order to minimize impact
506 * on performance we adhere to __fastcall calling convention in
507 * order to get two first arguments passed through %ecx and %edx.
508 * Which kind of suits very well, as instructions in question use
509 * both %ecx and %edx as input:-)
510 */
511#define REP_XCRYPT(code) \
512 _asm _emit 0xf3 \
513 _asm _emit 0x0f _asm _emit 0xa7 \
514 _asm _emit code
515
516/* BIG FAT WARNING:
517 * The offsets used with 'lea' instructions
518 * describe items of the 'padlock_cipher_data'
519 * structure.
520 */
521#define PADLOCK_XCRYPT_ASM(name,code) \
522static void * __fastcall \
523 name (size_t cnt, void *cdata, \
524 void *outp, const void *inp) \
525{ _asm mov eax,edx \
526 _asm lea edx,[eax+16] \
527 _asm lea ebx,[eax+32] \
528 _asm mov edi,outp \
529 _asm mov esi,inp \
530 REP_XCRYPT(code) \
531}
532
533PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
534PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
535PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
536PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
537
538static int __fastcall
539padlock_xstore(void *outp,unsigned int code)
540{ _asm mov edi,ecx
541 _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
542}
543
544static void __fastcall
545padlock_reload_key(void)
546{ _asm pushfd _asm popfd }
547
548static void __fastcall
549padlock_verify_context(void *cdata)
550{ _asm {
551 pushfd
552 bt DWORD PTR[esp],30
553 jnc skip
554 cmp ecx,padlock_saved_context
555 je skip
556 popfd
557 sub esp,4
558 skip: add esp,4
559 mov padlock_saved_context,ecx
560 }
561}
562
563static int
564padlock_available(void)
565{ _asm {
566 pushfd
567 pop eax
568 mov ecx,eax
569 xor eax,1<<21
570 push eax
571 popfd
572 pushfd
573 pop eax
574 xor eax,ecx
575 bt eax,21
576 jnc noluck
577 mov eax,0
578 cpuid
579 xor eax,eax
580 cmp ebx,'tneC'
581 jne noluck
582 cmp edx,'Hrua'
583 jne noluck
584 cmp ecx,'slua'
585 jne noluck
586 mov eax,0xC0000000
587 cpuid
588 mov edx,eax
589 xor eax,eax
590 cmp edx,0xC0000001
591 jb noluck
592 mov eax,0xC0000001
593 cpuid
594 xor eax,eax
595 bt edx,6
596 jnc skip_a
597 bt edx,7
598 jnc skip_a
599 mov padlock_use_ace,1
600 inc eax
601 skip_a: bt edx,2
602 jnc skip_r
603 bt edx,3
604 jnc skip_r
605 mov padlock_use_rng,1
606 inc eax
607 skip_r:
608 noluck:
609 }
610}
611
612static void __fastcall
613padlock_bswapl(void *key)
614{ _asm {
615 pushfd
616 cld
617 mov esi,ecx
618 mov edi,ecx
619 mov ecx,60
620 up: lodsd
621 bswap eax
622 stosd
623 loop up
624 popfd
625 }
626}
627
628/* MS actually specifies status of Direction Flag and compiler even
629 * manages to compile following as 'rep movsd' all by itself...
630 */
631#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
632#endif
633
634/* ===== AES encryption/decryption ===== */
635#ifndef OPENSSL_NO_AES
636
637#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
638#define NID_aes_128_cfb NID_aes_128_cfb128
639#endif
640
641#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
642#define NID_aes_128_ofb NID_aes_128_ofb128
643#endif
644
645#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
646#define NID_aes_192_cfb NID_aes_192_cfb128
647#endif
648
649#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
650#define NID_aes_192_ofb NID_aes_192_ofb128
651#endif
652
653#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
654#define NID_aes_256_cfb NID_aes_256_cfb128
655#endif
656
657#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
658#define NID_aes_256_ofb NID_aes_256_ofb128
659#endif
660
661/* List of supported ciphers. */
662static int padlock_cipher_nids[] = {
663 NID_aes_128_ecb,
664 NID_aes_128_cbc,
665 NID_aes_128_cfb,
666 NID_aes_128_ofb,
667
668 NID_aes_192_ecb,
669 NID_aes_192_cbc,
670 NID_aes_192_cfb,
671 NID_aes_192_ofb,
672
673 NID_aes_256_ecb,
674 NID_aes_256_cbc,
675 NID_aes_256_cfb,
676 NID_aes_256_ofb,
677};
678static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/
679 sizeof(padlock_cipher_nids[0]));
680
681/* Function prototypes ... */
682static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
683 const unsigned char *iv, int enc);
684static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
685 const unsigned char *in, size_t nbytes);
686
687#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
688 ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
689#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
690 NEAREST_ALIGNED(ctx->cipher_data))
691
692#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
693#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
694#define EVP_CIPHER_block_size_OFB 1
695#define EVP_CIPHER_block_size_CFB 1
696
697/* Declaring so many ciphers by hand would be a pain.
698 Instead introduce a bit of preprocessor magic :-) */
699#define DECLARE_AES_EVP(ksize,lmode,umode) \
700static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
701 NID_aes_##ksize##_##lmode, \
702 EVP_CIPHER_block_size_##umode, \
703 AES_KEY_SIZE_##ksize, \
704 AES_BLOCK_SIZE, \
705 0 | EVP_CIPH_##umode##_MODE, \
706 padlock_aes_init_key, \
707 padlock_aes_cipher, \
708 NULL, \
709 sizeof(struct padlock_cipher_data) + 16, \
710 EVP_CIPHER_set_asn1_iv, \
711 EVP_CIPHER_get_asn1_iv, \
712 NULL, \
713 NULL \
714}
715
716DECLARE_AES_EVP(128,ecb,ECB);
717DECLARE_AES_EVP(128,cbc,CBC);
718DECLARE_AES_EVP(128,cfb,CFB);
719DECLARE_AES_EVP(128,ofb,OFB);
720
721DECLARE_AES_EVP(192,ecb,ECB);
722DECLARE_AES_EVP(192,cbc,CBC);
723DECLARE_AES_EVP(192,cfb,CFB);
724DECLARE_AES_EVP(192,ofb,OFB);
725
726DECLARE_AES_EVP(256,ecb,ECB);
727DECLARE_AES_EVP(256,cbc,CBC);
728DECLARE_AES_EVP(256,cfb,CFB);
729DECLARE_AES_EVP(256,ofb,OFB);
730
731static int
732padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
733{
734 /* No specific cipher => return a list of supported nids ... */
735 if (!cipher) {
736 *nids = padlock_cipher_nids;
737 return padlock_cipher_nids_num;
738 }
739
740 /* ... or the requested "cipher" otherwise */
741 switch (nid) {
742 case NID_aes_128_ecb:
743 *cipher = &padlock_aes_128_ecb;
744 break;
745 case NID_aes_128_cbc:
746 *cipher = &padlock_aes_128_cbc;
747 break;
748 case NID_aes_128_cfb:
749 *cipher = &padlock_aes_128_cfb;
750 break;
751 case NID_aes_128_ofb:
752 *cipher = &padlock_aes_128_ofb;
753 break;
754
755 case NID_aes_192_ecb:
756 *cipher = &padlock_aes_192_ecb;
757 break;
758 case NID_aes_192_cbc:
759 *cipher = &padlock_aes_192_cbc;
760 break;
761 case NID_aes_192_cfb:
762 *cipher = &padlock_aes_192_cfb;
763 break;
764 case NID_aes_192_ofb:
765 *cipher = &padlock_aes_192_ofb;
766 break;
767
768 case NID_aes_256_ecb:
769 *cipher = &padlock_aes_256_ecb;
770 break;
771 case NID_aes_256_cbc:
772 *cipher = &padlock_aes_256_cbc;
773 break;
774 case NID_aes_256_cfb:
775 *cipher = &padlock_aes_256_cfb;
776 break;
777 case NID_aes_256_ofb:
778 *cipher = &padlock_aes_256_ofb;
779 break;
780
781 default:
782 /* Sorry, we don't support this NID */
783 *cipher = NULL;
784 return 0;
785 }
786
787 return 1;
788}
789
790/* Prepare the encryption key for PadLock usage */
791static int
792padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
793 const unsigned char *iv, int enc)
794{
795 struct padlock_cipher_data *cdata;
796 int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
797
798 if (key==NULL) return 0; /* ERROR */
799
800 cdata = ALIGNED_CIPHER_DATA(ctx);
801 memset(cdata, 0, sizeof(struct padlock_cipher_data));
802
803 /* Prepare Control word. */
804 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
805 cdata->cword.b.encdec = 0;
806 else
807 cdata->cword.b.encdec = (ctx->encrypt == 0);
808 cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
809 cdata->cword.b.ksize = (key_len - 128) / 64;
810
811 switch(key_len) {
812 case 128:
813 /* PadLock can generate an extended key for
814 AES128 in hardware */
815 memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
816 cdata->cword.b.keygen = 0;
817 break;
818
819 case 192:
820 case 256:
821 /* Generate an extended AES key in software.
822 Needed for AES192/AES256 */
823 /* Well, the above applies to Stepping 8 CPUs
824 and is listed as hardware errata. They most
825 likely will fix it at some point and then
826 a check for stepping would be due here. */
827 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
828 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE ||
829 enc)
830 AES_set_encrypt_key(key, key_len, &cdata->ks);
831 else
832 AES_set_decrypt_key(key, key_len, &cdata->ks);
833#ifndef AES_ASM
834 /* OpenSSL C functions use byte-swapped extended key. */
835 padlock_bswapl(&cdata->ks);
836#endif
837 cdata->cword.b.keygen = 1;
838 break;
839
840 default:
841 /* ERROR */
842 return 0;
843 }
844
845 /*
846 * This is done to cover for cases when user reuses the
847 * context for new key. The catch is that if we don't do
848 * this, padlock_eas_cipher might proceed with old key...
849 */
850 padlock_reload_key ();
851
852 return 1;
853}
854
855/*
856 * Simplified version of padlock_aes_cipher() used when
857 * 1) both input and output buffers are at aligned addresses.
858 * or when
859 * 2) running on a newer CPU that doesn't require aligned buffers.
860 */
861static int
862padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
863 const unsigned char *in_arg, size_t nbytes)
864{
865 struct padlock_cipher_data *cdata;
866 void *iv;
867
868 cdata = ALIGNED_CIPHER_DATA(ctx);
869 padlock_verify_context(cdata);
870
871 switch (EVP_CIPHER_CTX_mode(ctx)) {
872 case EVP_CIPH_ECB_MODE:
873 padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
874 break;
875
876 case EVP_CIPH_CBC_MODE:
877 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
878 iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
879 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
880 break;
881
882 case EVP_CIPH_CFB_MODE:
883 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
884 iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
885 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
886 break;
887
888 case EVP_CIPH_OFB_MODE:
889 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
890 padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
891 memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
892 break;
893
894 default:
895 return 0;
896 }
897
898 memset(cdata->iv, 0, AES_BLOCK_SIZE);
899
900 return 1;
901}
902
903#ifndef PADLOCK_CHUNK
904# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
905#endif
906#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
907# error "insane PADLOCK_CHUNK..."
908#endif
909
910/* Re-align the arguments to 16-Bytes boundaries and run the
911 encryption function itself. This function is not AES-specific. */
912static int
913padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
914 const unsigned char *in_arg, size_t nbytes)
915{
916 struct padlock_cipher_data *cdata;
917 const void *inp;
918 unsigned char *out;
919 void *iv;
920 int inp_misaligned, out_misaligned, realign_in_loop;
921 size_t chunk, allocated=0;
922
923 /* ctx->num is maintained in byte-oriented modes,
924 such as CFB and OFB... */
925 if ((chunk = ctx->num)) { /* borrow chunk variable */
926 unsigned char *ivp=ctx->iv;
927
928 switch (EVP_CIPHER_CTX_mode(ctx)) {
929 case EVP_CIPH_CFB_MODE:
930 if (chunk >= AES_BLOCK_SIZE)
931 return 0; /* bogus value */
932
933 if (ctx->encrypt)
934 while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
935 ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
936 chunk++, nbytes--;
937 }
938 else while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
939 unsigned char c = *(in_arg++);
940 *(out_arg++) = c ^ ivp[chunk];
941 ivp[chunk++] = c, nbytes--;
942 }
943
944 ctx->num = chunk%AES_BLOCK_SIZE;
945 break;
946 case EVP_CIPH_OFB_MODE:
947 if (chunk >= AES_BLOCK_SIZE)
948 return 0; /* bogus value */
949
950 while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
951 *(out_arg++) = *(in_arg++) ^ ivp[chunk];
952 chunk++, nbytes--;
953 }
954
955 ctx->num = chunk%AES_BLOCK_SIZE;
956 break;
957 }
958 }
959
960 if (nbytes == 0)
961 return 1;
962#if 0
963 if (nbytes % AES_BLOCK_SIZE)
964 return 0; /* are we expected to do tail processing? */
965#else
966 /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC
967 modes and arbitrary value in byte-oriented modes, such as
968 CFB and OFB... */
969#endif
970
971 /* VIA promises CPUs that won't require alignment in the future.
972 For now padlock_aes_align_required is initialized to 1 and
973 the condition is never met... */
974 /* C7 core is capable to manage unaligned input in non-ECB[!]
975 mode, but performance penalties appear to be approximately
976 same as for software alignment below or ~3x. They promise to
977 improve it in the future, but for now we can just as well
978 pretend that it can only handle aligned input... */
979 if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0)
980 return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
981
982 inp_misaligned = (((size_t)in_arg) & 0x0F);
983 out_misaligned = (((size_t)out_arg) & 0x0F);
984
985 /* Note that even if output is aligned and input not,
986 * I still prefer to loop instead of copy the whole
987 * input and then encrypt in one stroke. This is done
988 * in order to improve L1 cache utilization... */
989 realign_in_loop = out_misaligned|inp_misaligned;
990
991 if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0)
992 return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
993
994 /* this takes one "if" out of the loops */
995 chunk = nbytes;
996 chunk %= PADLOCK_CHUNK;
997 if (chunk==0) chunk = PADLOCK_CHUNK;
998
999 if (out_misaligned) {
1000 /* optmize for small input */
1001 allocated = (chunk<nbytes?PADLOCK_CHUNK:nbytes);
1002 out = alloca(0x10 + allocated);
1003 out = NEAREST_ALIGNED(out);
1004 }
1005 else
1006 out = out_arg;
1007
1008 cdata = ALIGNED_CIPHER_DATA(ctx);
1009 padlock_verify_context(cdata);
1010
1011 switch (EVP_CIPHER_CTX_mode(ctx)) {
1012 case EVP_CIPH_ECB_MODE:
1013 do {
1014 if (inp_misaligned)
1015 inp = padlock_memcpy(out, in_arg, chunk);
1016 else
1017 inp = in_arg;
1018 in_arg += chunk;
1019
1020 padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
1021
1022 if (out_misaligned)
1023 out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
1024 else
1025 out = out_arg+=chunk;
1026
1027 nbytes -= chunk;
1028 chunk = PADLOCK_CHUNK;
1029 } while (nbytes);
1030 break;
1031
1032 case EVP_CIPH_CBC_MODE:
1033 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
1034 goto cbc_shortcut;
1035 do {
1036 if (iv != cdata->iv)
1037 memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
1038 chunk = PADLOCK_CHUNK;
1039 cbc_shortcut: /* optimize for small input */
1040 if (inp_misaligned)
1041 inp = padlock_memcpy(out, in_arg, chunk);
1042 else
1043 inp = in_arg;
1044 in_arg += chunk;
1045
1046 iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp);
1047
1048 if (out_misaligned)
1049 out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
1050 else
1051 out = out_arg+=chunk;
1052
1053 } while (nbytes -= chunk);
1054 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
1055 break;
1056
1057 case EVP_CIPH_CFB_MODE:
1058 memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
1059 chunk &= ~(AES_BLOCK_SIZE-1);
1060 if (chunk) goto cfb_shortcut;
1061 else goto cfb_skiploop;
1062 do {
1063 if (iv != cdata->iv)
1064 memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
1065 chunk = PADLOCK_CHUNK;
1066 cfb_shortcut: /* optimize for small input */
1067 if (inp_misaligned)
1068 inp = padlock_memcpy(out, in_arg, chunk);
1069 else
1070 inp = in_arg;
1071 in_arg += chunk;
1072
1073 iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
1074
1075 if (out_misaligned)
1076 out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
1077 else
1078 out = out_arg+=chunk;
1079
1080 nbytes -= chunk;
1081 } while (nbytes >= AES_BLOCK_SIZE);
1082
1083 cfb_skiploop:
1084 if (nbytes) {
1085 unsigned char *ivp = cdata->iv;
1086
1087 if (iv != ivp) {
1088 memcpy(ivp, iv, AES_BLOCK_SIZE);
1089 iv = ivp;
1090 }
1091 ctx->num = nbytes;
1092 if (cdata->cword.b.encdec) {
1093 cdata->cword.b.encdec=0;
1094 padlock_reload_key();
1095 padlock_xcrypt_ecb(1,cdata,ivp,ivp);
1096 cdata->cword.b.encdec=1;
1097 padlock_reload_key();
1098 while(nbytes) {
1099 unsigned char c = *(in_arg++);
1100 *(out_arg++) = c ^ *ivp;
1101 *(ivp++) = c, nbytes--;
1102 }
1103 }
1104 else { padlock_reload_key();
1105 padlock_xcrypt_ecb(1,cdata,ivp,ivp);
1106 padlock_reload_key();
1107 while (nbytes) {
1108 *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
1109 ivp++, nbytes--;
1110 }
1111 }
1112 }
1113
1114 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
1115 break;
1116
1117 case EVP_CIPH_OFB_MODE:
1118 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
1119 chunk &= ~(AES_BLOCK_SIZE-1);
1120 if (chunk) do {
1121 if (inp_misaligned)
1122 inp = padlock_memcpy(out, in_arg, chunk);
1123 else
1124 inp = in_arg;
1125 in_arg += chunk;
1126
1127 padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
1128
1129 if (out_misaligned)
1130 out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
1131 else
1132 out = out_arg+=chunk;
1133
1134 nbytes -= chunk;
1135 chunk = PADLOCK_CHUNK;
1136 } while (nbytes >= AES_BLOCK_SIZE);
1137
1138 if (nbytes) {
1139 unsigned char *ivp = cdata->iv;
1140
1141 ctx->num = nbytes;
1142 padlock_reload_key(); /* empirically found */
1143 padlock_xcrypt_ecb(1,cdata,ivp,ivp);
1144 padlock_reload_key(); /* empirically found */
1145 while (nbytes) {
1146 *(out_arg++) = *(in_arg++) ^ *ivp;
1147 ivp++, nbytes--;
1148 }
1149 }
1150
1151 memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
1152 break;
1153
1154 default:
1155 return 0;
1156 }
1157
1158 /* Clean the realign buffer if it was used */
1159 if (out_misaligned) {
1160 volatile unsigned long *p=(void *)out;
1161 size_t n = allocated/sizeof(*p);
1162 while (n--) *p++=0;
1163 }
1164
1165 memset(cdata->iv, 0, AES_BLOCK_SIZE);
1166
1167 return 1;
1168}
1169
1170#endif /* OPENSSL_NO_AES */
1171
1172/* ===== Random Number Generator ===== */
1173/*
1174 * This code is not engaged. The reason is that it does not comply
1175 * with recommendations for VIA RNG usage for secure applications
1176 * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
1177 * provide meaningful error control...
1178 */
1179/* Wrapper that provides an interface between the API and
1180 the raw PadLock RNG */
1181static int
1182padlock_rand_bytes(unsigned char *output, int count)
1183{
1184 unsigned int eax, buf;
1185
1186 while (count >= 8) {
1187 eax = padlock_xstore(output, 0);
1188 if (!(eax&(1<<6))) return 0; /* RNG disabled */
1189 /* this ---vv--- covers DC bias, Raw Bits and String Filter */
1190 if (eax&(0x1F<<10)) return 0;
1191 if ((eax&0x1F)==0) continue; /* no data, retry... */
1192 if ((eax&0x1F)!=8) return 0; /* fatal failure... */
1193 output += 8;
1194 count -= 8;
1195 }
1196 while (count > 0) {
1197 eax = padlock_xstore(&buf, 3);
1198 if (!(eax&(1<<6))) return 0; /* RNG disabled */
1199 /* this ---vv--- covers DC bias, Raw Bits and String Filter */
1200 if (eax&(0x1F<<10)) return 0;
1201 if ((eax&0x1F)==0) continue; /* no data, retry... */
1202 if ((eax&0x1F)!=1) return 0; /* fatal failure... */
1203 *output++ = (unsigned char)buf;
1204 count--;
1205 }
1206 *(volatile unsigned int *)&buf=0;
1207
1208 return 1;
1209}
1210
1211/* Dummy but necessary function */
1212static int
1213padlock_rand_status(void)
1214{
1215 return 1;
1216}
1217
1218/* Prepare structure for registration */
1219static RAND_METHOD padlock_rand = {
1220 NULL, /* seed */
1221 padlock_rand_bytes, /* bytes */
1222 NULL, /* cleanup */
1223 NULL, /* add */
1224 padlock_rand_bytes, /* pseudorand */
1225 padlock_rand_status, /* rand status */
1226};
1227
1228#else /* !COMPILE_HW_PADLOCK */
1229#ifndef OPENSSL_NO_DYNAMIC_ENGINE
1230OPENSSL_EXPORT
1231int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
1232OPENSSL_EXPORT
1233int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
1234IMPLEMENT_DYNAMIC_CHECK_FN()
1235#endif
1236#endif /* COMPILE_HW_PADLOCK */
1237
1238#endif /* !OPENSSL_NO_HW_PADLOCK */
1239#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/engines/e_padlock.ec b/src/lib/libssl/src/engines/e_padlock.ec
deleted file mode 100644
index 5c8a1d26a5..0000000000
--- a/src/lib/libssl/src/engines/e_padlock.ec
+++ /dev/null
@@ -1 +0,0 @@
1L PADLOCK e_padlock_err.h e_padlock_err.c
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 13:12:37 +0000